1 / 13

The Therac-25: A Software Fatal Failure

The Therac-25: A Software Fatal Failure. Kpea, Aagbara Saturday. SYSM 6309 Spring ’12 UT-Dallas. The Therac-25 was a medical linear accelerator, used to treat cancer patients to remove tumors. What is the Therac-25 ?.

jimbo
Download Presentation

The Therac-25: A Software Fatal Failure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Therac-25:A Software Fatal Failure Kpea, Aagbara Saturday. SYSM 6309 Spring ’12 UT-Dallas

  2. The Therac-25 was a medical linear accelerator, used to treat cancer patients to remove tumors. What is the Therac-25 ?

  3. Early1970’s, AECL (Atomic Energy of Canada Limited)and a French Company (CGR) collaborate to build Medical Linear Accelerators (linacs). • They develop Therac-6, and Therac-20. • AECL and CGR end their working relationship in 1981. • In 1976, AECL develops the revolutionary "double pass" accelerator which leads to the development of Therac-25. • In March, 1983, AECL performs a safety analysis of Therac-25 which apparently excludes an analysis of software. Background Information

  4. July 29,1983, the Canadian Consulate General announces the introduction of the new "Therac 25" Machine manufactured by AECL Medical, a division of Atomic Energy of Canada Limited. • Medical linear accelerators (linacs) known generally as “Therac-25”. Background info …

  5. Medical linear accelerators accelerate electrons to create high-energy beams that can destroy tumors with minimal impact on surrounding healthy tissue • Shallow tissue is treated with accelerated electrons • Scanning magnets placed in the way of the beam; the spread of the beam (and thus its power) could be controlled by a magnetic fields generated by these magnets • Deeper tissue is treated with X-ray photons • The X-ray beam is flattened by a device in the machine to direct the appropriate intensity to the patient. • Beams kill (or retard the growth of) the cancerous tissues What it does:

  6. At East Texas Cancer Center in Tyler, Texas, a patient complains of a bright flash of light, heard a frying, buzzing sound, and felt a thump and heat like an electric shock. • This indicates radiation overdose by Therac-25 machines after cancer treatment session • A few days after the unit was put back into operation, another patient complained that his face felt like it was on fire. • Another potential overdose of radiation beam by Therac-25. • Both patients died after 4months and 3 weeks respectively due to administered overdose of radiation Accidents with Therac-25

  7. The problem was a race condition produced by a flaw in the software programming. • Management inadequacies and lack of procedures for following through on all reported incident. • Overconfidence in the software and removal of hardware interlocks. Causes of the Accidents

  8. Operator selected x-rays by mistake, used cursor keys to change to electrons • Machine tripped with “Malfunction 54” • – Documentation explains this is “dose input 2” error • Operator saw “beam ready” proceeded; machine tripped again Reasons for the cause of the accidents

  9. Error messages provided by Therac-25 monitor are not helpful to operators • Machine pauses treatment but does not indicate reason why • The equipment control task did not properly synchronize with the operator interface task, so that race conditions occurred if the operator changed the setup too quickly. • Software is required to monitor several activities simultaneously in real time • Interaction with operator • Monitoring input and editing changes from an operator • Updating the screen to show the current status of machine • There were no independent checks that the software was operating correctly (verification) Requirements Issues

  10. Documentation should not be an afterthought. • Software quality assurance practices and standards should be established. • Designs should be kept simple and ensure user-friendly interfaces • Ways to get information about errors, i.e., software audit trails should be designed into the software from the beginning. • The software should be subjected to extensive testing and formal analysis at the module and software level. • System testing alone is not adequate; verification would be very valuable. • Involve users at all phases product development Recommendations

  11. The Therac-25 Accidents (PDF), by Nancy G. Leveson (the 1995 update of the IEEE Computer article) • http://en.wikipedia.org/wiki/Therac-25 References

More Related